Bug 189107 - RFE: rpm http transport does not support redirects.
RFE: rpm http transport does not support redirects.
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
:
: 152285 190010 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-16 05:53 EDT by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-12 07:26:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
gdb backtrace from crash (4.84 KB, text/plain)
2006-04-16 05:53 EDT, Ville Skyttä
no flags Details

  None (edit)
Description Ville Skyttä 2006-04-16 05:53:11 EDT
FC5, rpm-4.4.2-15.2, reproduced on x86_64 and i386, crashes when -qRp'ing some
packages over URLs.  It doesn't happen for all packages, but here's a reproducer:

$ rpm -qRp
http://dag.wieers.com/packages/mplayerplug-in/mplayerplug-in-3.25-1.fc2.rf.i386.rpm
error: open of
http://dag.wieers.com/packages/mplayerplug-in/mplayerplug-in-3.25-1.fc2.rf.i386.rpm
failed:
error: open of
http://dag.wieers.com/packages/mplayerplug-in/mplayerplug-in-3.25-1.fc2.rf.i386.rpm
failed:
warning: _url_cache[0] 0x52f890 nrefs(5538079) != 1 (�T )
*** glibc detected *** /usr/lib/rpm/rpmq: double free or corruption (out):
0x0000003292344c60 ***
======= Backtrace: =========
/lib64/libc.so.6[0x329216d7a3]
/lib64/libc.so.6(__libc_free+0x84)[0x329216d924]
/usr/lib64/librpmio-4.4.so(XurlFree+0x2b0)[0x3e640311a0]
/usr/lib64/librpmio-4.4.so(urlFreeCache+0x71)[0x3e64031e71]
/usr/lib/rpm/rpmq[0x401e14]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x329211d084]
/usr/lib/rpm/rpmq[0x4018e9]
======= Memory map: ========
00400000-00403000 r-xp 00000000 08:03 12983851                          
/usr/lib/rpm/rpmq
00502000-00505000 rw-p 00002000 08:03 12983851                          
/usr/lib/rpm/rpmq
00505000-00568000 rw-p 00505000 00:00 0                                  [heap]
3291400000-3291419000 r-xp 00000000 08:03 10857947                      
/lib64/ld-2.4.so
3291519000-329151a000 r--p 00019000 08:03 10857947                      
/lib64/ld-2.4.so
329151a000-329151b000 rw-p 0001a000 08:03 10857947                      
/lib64/ld-2.4.so
3291600000-3291611000 r-xp 00000000 08:03 10857959                      
/lib64/libresolv-2.4.so
3291611000-3291711000 ---p 00011000 08:03 10857959                      
/lib64/libresolv-2.4.so
3291711000-3291712000 r--p 00011000 08:03 10857959                      
/lib64/libresolv-2.4.so
3291712000-3291713000 rw-p 00012000 08:03 10857959                      
/lib64/libresolv-2.4.so
3291713000-3291715000 rw-p 3291713000 00:00 0
3291800000-3291802000 r-xp 00000000 08:03 10857960                      
/lib64/libcom_err.so.2.1
3291802000-3291901000 ---p 00002000 08:03 10857960                      
/lib64/libcom_err.so.2.1
3291901000-3291902000 rw-p 00001000 08:03 10857960                      
/lib64/libcom_err.so.2.1
3292100000-329223f000 r-xp 00000000 08:03 10857948                      
/lib64/libc-2.4.so
329223f000-329233f000 ---p 0013f000 08:03 10857948                      
/lib64/libc-2.4.so
329233f000-3292343000 r--p 0013f000 08:03 10857948                      
/lib64/libc-2.4.so
3292343000-3292344000 rw-p 00143000 08:03 10857948                      
/lib64/libc-2.4.so
3292344000-3292349000 rw-p 3292344000 00:00 0
3292400000-3292402000 r-xp 00000000 08:03 10857953                      
/lib64/libdl-2.4.so
3292402000-3292502000 ---p 00002000 08:03 10857953                      
/lib64/libdl-2.4.so
3292502000-3292503000 r--p 00002000 08:03 10857953                      
/lib64/libdl-2.4.so
3292503000-3292504000 rw-p 00003000 08:03 10857953                      
/lib64/libdl-2.4.so
3292600000-3292680000 r-xp 00000000 08:03 10857949                      
/lib64/libm-2.4.so
3292680000-3292780000 ---p 00080000 08:03 10857949                      
/lib64/libm-2.4.so
3292780000-3292781000 r--p 00080000 08:03 10857949                      
/lib64/libm-2.4.so
3292781000-3292782000 rw-p 00081000 08:03 10857949                      
/lib64/libm-2.4.so
3292800000-3292811000 r-xp 00000000 08:03 12692506                      
/usr/lib64/libelf-0.119.so
3292811000-3292910000 ---p 00011000 08:03 12692506                      
/usr/lib64/libelf-0.119.so
3292910000-3292911000 rw-p 00010000 08:03 12692506                      
/usr/lib64/libelf-0.119.so
3292a00000-3292a57000 r-xp 00000000 08:03 12700271                      
/usr/lib64/libsqlite3.so.0.8.6
3292a57000-3292b57000 ---p 00057000 08:03 12700271                      
/usr/lib64/libsqlite3.so.0.8.6
3292b57000-3292b59000 rw-p 00057000 08:03 12700271                      
/usr/lib64/libsqlite3.so.0.8.6
3292e00000-3292e29000 r-xp 00000000 08:03 12700045                      
/usr/lib64/libbeecrypt.so.6.4.0
3292e29000-3292f28000 ---p 00029000 08:03 12700045                      
/usr/lib64/libbeecrypt.so.6.4.0
3292f28000-3292f2c000 rw-p 00028000 08:03 12700045                      
/usr/lib64/libbeecrypt.so.6.4.0
3293000000-3293014000 r-xp 00000000 08:03 12698008                       Aborted
(core dumped)
Comment 1 Ville Skyttä 2006-04-16 05:53:11 EDT
Created attachment 127795 [details]
gdb backtrace from crash
Comment 2 Jeff Johnson 2006-04-25 08:25:04 EDT
The URL is returning 302, redirects not handled by rpm.
Comment 3 Jeff Johnson 2006-04-27 17:35:42 EDT
*** Bug 190010 has been marked as a duplicate of this bug. ***
Comment 4 Jeff Johnson 2006-07-02 08:08:04 EDT
*** Bug 152285 has been marked as a duplicate of this bug. ***
Comment 5 Red Hat Bugzilla 2007-08-21 01:23:38 EDT
User pnasrat@redhat.com's account has been closed
Comment 6 Jerry James 2007-08-21 10:22:24 EDT
Bug 190010 has some information that should be recorded here.  For one thing,
the bug happens when the remote repository does not respond.  To trigger the
bug, therefore, it is sufficient to do something like this:

  rpm -ivh http://rpm.nosuchorg.org/thereisnosuchpackage.rpm

Here is what happens when that command is issued under valgrind (there is more
output, but this is the important part for this bug):

==17800== Invalid free() / delete / delete[]
==17800==    at 0x4905208: free (vg_replace_malloc.c:235)
==17800==    by 0x385FB3124B: XurlFree (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB31E80: urlFreeCache (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x4040DB: ??? (rpmqv.c:886)
==17800==    by 0x33AC91D083: __libc_start_main (in /lib64/libc-2.4.so)
==17800==  Address 0x8525F08 is 0 bytes inside a block of size 176 free'd
==17800==    at 0x4905208: free (vg_replace_malloc.c:235)
==17800==    by 0x385FB3124B: XurlFree (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB1D1B9: (within /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB1D524: davOpen (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB2697D: (within /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB26EA0: Fopen (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x385FB30C65: urlGetFile (in /usr/lib64/librpmio-4.4.so)
==17800==    by 0x35A9637B30: rpmInstall (in /usr/lib64/librpm-4.4.so)
==17800==    by 0x404927: ??? (rpmqv.c:790)
==17800==    by 0x33AC91D083: __libc_start_main (in /lib64/libc-2.4.so)

which implicates the urlFree in davInit (rpmio/rpmdav.c) as the place where the
first free() took place.
Comment 7 Panu Matilainen 2007-08-22 02:30:28 EDT
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 8 Panu Matilainen 2007-08-27 08:06:29 EDT
Moving to devel, FC5 is EOL. Rpm crashing on failure with neon transport is
essentially the same in here and bug 190010, supporting redirects (which is the
request here) is a different issue.
Comment 9 Panu Matilainen 2007-09-12 07:26:00 EDT
The crash has been fixed some time ago, additionally upstream rpm.org now
supports redirects if the used helper does (curl etc do):

$ ./rpmq -qpi
http://dag.wieers.com/packages/mplayerplug-in/mozilla-mplayer-0.95-1.rhel2.1.dag.i386.rpm
warning:
http://dag.wieers.com/packages/mplayerplug-in/mozilla-mplayer-0.95-1.rhel2.1.dag.i386.rpm:
Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Name        : mozilla-mplayer              Relocations: /usr 
Version     : 0.95                              Vendor: Dag Apt Repository,
http://dag.wieers.com/apt/
Release     : 1.rhel2.1.dag                 Build Date: Sun 01 Feb 2004 12:40:08
PM EET
Install Date: (not installed)               Build Host: localhost
Group       : Applications/Internet         Source RPM:
mozilla-mplayer-0.95-1.rhel2.1.dag.src.rpm
Size        : 198465                           License: GPL
Signature   : DSA/SHA1, Tue 03 Feb 2004 12:12:31 PM EET, Key ID a20e52146b8d79e6
Packager    : Dag Wieers <dag@wieers.com>
URL         : http://mplayerplug-in.sourceforge.net/
Summary     : MPlayer plugin for Mozilla.
Description :
This package contains a plugin for the Mozilla browser that makes it
possible to use the MPlayer movie player in Mozilla.

Note You need to log in before you can comment on or make changes to this bug.